Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVEs/CVE-2019-16864/
CVEs/CVE-2019-16864/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE‑2019‑16864: CompleteFTP Server Authenticated Remote Command Execution

Information

Description: This vulnerability allows Remote Command Execution with SYSTEM privileges for any authenticated user with a Windows local or domain account on the target host. The is possible because of the "exec" command available in via SSH which always executes as SYSTEM regardless of the privileges of the logged in user. CompleteFTP Server versions prior to 12.1.4 are vulnerable to this attack by any level of Windows user. As of version 12.1.4, the "exec" command limited to Windows Administrator accounts.
Versions Affected: < 12.1.4
Researcher: Robert Fisher (https://twitter.com/be0vlk @be0vlk)
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16864
Vendor Disclosure: https://enterprisedt.com/products/completeftp/doc/guide/html/history.html

Proof-of-Concept Exploit

Description

The attacker needs an account on the target system with SSH enabled. Exploitation is as simple as logging in and using the "exec" command to execute any arbitrary command as SYSTEM.

Usage/Exploitation

You must have the Paramiko library for Python installed. Run the exploit from the attacking machine using arguments as follows:

python cve-2019-16864.py 192.168.1.1 username password

PoC